<?php
	session_start();

	if(!isset($_SESSION['id'])){
		header('Location:login.php');
	}
	if(isset($_POST)){

	$username=trim($_POST['username']);
	$password=trim($_POST['password']);
	$id=intval($_POST['id']);
	$status=intval($_POST['status']);
	if($username==""||$password==""){
		echo "<script>alert('请输入用户名和密码！'); history.go(-1);</script>";
	}
	elseif(!preg_match("/^[\x{4e00}-\x{9fa5}a-zA-Z]{1}[\x{4e00}-\x{9fa5}a-zA-Z0-9]{2,9}+$/u",$username)){
		echo "<script>alert('用户名由中文、字母、数字组成;且首位不能为数字,长度在3~10个字符'); history.go(-1);</script>";
	}
	elseif(!preg_match("/^[a-zA-Z0-9]{6,32}$/",$password)){
		echo "<script>alert('密码由字母、数字组成;且长度在6~16个字符'); history.go(-1);</script>";
	}
	else{
	$db=new PDO("mysql:host=localhost;dbname=shenji","root","");
	$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
	$db->query("set names utf8");
	$result1=$db->query("select password from user where id='$id'");
	$row=$result1->fetch(PDO::FETCH_ASSOC);
	if($password==$row['password']){
		$result=$db->exec("update user set username='$username',password='$password',status='$status'where id='$id'");
	}else{
		$pass=md5($password);

		$result=$db->exec("update user set username='$username',password='$pass',status='$status'where id='$id'");
	}

	
	$db=null;

}
	//$result->execute();
	
	echo "<script>location='select_user.php';</script>";
			
}
?>